Step 1: Obtain SSL certificate

Download the certificate needed to communicate over SSL with your Azure Database for MySQL server from https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem and save the certificate file to your local drive (this tutorial uses c:\ssl for example).
For Microsoft Internet Explorer and Microsoft Edge: After the download has completed, rename the certificate to BaltimoreCyberTrustRoot.crt.pem.

Step 2: Bind SSL

Connecting to server using the MySQL Workbench over SSL

Configure the MySQL Workbench to connect securely over SSL. From the Setup New Connection dialogue, navigate to the SSL tab. In the SSL CA File: field, enter the file location of the BaltimoreCyberTrustRoot.crt.pem.
For existing connections, you can bind SSL by right-clicking on the connection icon and choose edit. Then navigate to the SSL tab and bind the cert file.

Connecting to server using the MySQL CLI over SSL

Another way to bind the SSL certificate is to use the MySQL command-line interface by executing the following command:

Step 3: Enforcing SSL connections in Azure

Using the Azure portal

Using the Azure portal, visit your Azure Database for MySQL server, and then click Connection security. Use the toggle button to enable or disable the Enforce SSL connection setting, and then click Save. Microsoft recommends to always enable the Enforce SSL connection setting for enhanced security.

Using Azure CLI

You can enable or disable the ssl-enforcement parameter by using Enabled or Disabled values respectively in Azure CLI.